What is a Phishing attack?
Phishing is a type of cyber attack engineered to steal user data: credit card info, passwords, or other personal information. It happens when an attacker, disguised as a trusted source, tricks their victim into opening an email and clicking on a bad link. Clicking on a bad link in a phishing email can lead to the installation of malware that can freeze up your systems. Some malware is engineered to deploy ransomware, which completely locks the user out of their system and demands payment to restore operation.
Attack Techniques
Phishing attacks are most often attempted via email. We have also seen spear-phishing attempts via SMS messages and phone calls. Email is the attacker's preferred form of phishing because it is most believable. However, email is a numbers game to the attackers.
The attacker will send out hundreds of thousands of phishing-loaded emails and, even with a small success rate, will still gather decent sums of money and information. Attackers are constantly changing their process to increase success rates. They will go to great lengths to mimic actual emails from legitimate organizations, using the same fonts, logos, imagery, and signatures.
Attackers often try to increase the sense of urgency by presenting an emergency-style situation to the recipient: “Your password is set to expire in two days” or “Your credit card information has expired”.
3 simple steps to reduce phishing attacks
- Educate yourself and your users on the recent advancements of cyber attacks. Everyone needs to be aware of what is going on in the world of cyber crimes. We often suggest that organizations send out email reminders to their staff about phishing attempts. Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.
- Enable 2FA (two-factor authentication). It adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having two things: something they know, such as a password and user name, and something they have, such as their smartphones. Even when employees are compromised, 2FA prevents the use of their compromised credentials, since these alone are insufficient to gain entry.
- Partner with a security-focused IT service company such as Brown IT Solutions. Cyber security initiatives are often overlooked or understaffed. Avoid this mistake by having professionals in your corner. We have security plans available for all business types and styles.
Contact Brown IT Solutions
Brown IT Solutions can assist you or your organization with developing your cyber security plan. Feel free to contact us to get started. We offer a free, no-hassle cyber security evaluation to all new clients.